Meltdown & Spectre

News outlets clamored this week to report a severe design flaw in all modern processors, including Intel, AMD, and ARM processors. In sum, the bugs – Meltdown and Spectre – allow applications, malware, and JavaScript running in web browsers, to obtain sensitive data, such as passwords, your personal photos, emails, instant messages and even business-critical documents. Meltdown was dubbed because it basically melts security boundaries, which are normally enforced by the hardware. And Spectre is based on the root cause, speculative execution.

Our teams have been analyzing these computer infrastructure vulnerabilities, and here’s what we know:

It’s everywhere: The flaw is somewhat unique in that it affects the processor hardware, making it an “equal opportunity” vulnerability. Large-scale organizations such as Microsoft, Intel and AMD are currently on the hook for providing patches.

Band-Aids are available: Patches are trickling in from these larger manufacturers, but it’s important to note these do not address the core hardware issue.

Slowing the melt: As more patches become available and are vetted by our managed IT support teams, we will communicate roll-out plans if and when applicable to our client environments. If you’re not an Agio client, contact us.

Performance hit: That said, preliminary information suggests these software band-aids are introducing performance degradation, so in some instances we are dealing with a trade-off situation.

Your risk: As with many vulnerabilities, the most significant exposure comes from internet-facing systems that interact with public hosts regularly. Critical systems that are isolated and accessible only from the inside are less susceptible. So far no known exploits exist, but they are highly anticipated due to the large potential impact of this flaw. When in doubt, use your best judgement.

Looking ahead: Since this is a hardware flaw, this likely means a firmware update on any of your equipment that uses the aforementioned processors.

We’ve Got You Covered We know the onslaught of security news can be overwhelming, and we tailor our communications to the most relevant and need-to-know information. If you wish to learn how Agio can help you stay protected against security vulnerabilities, speak to a member of our support team today.